Configuring Service Providers

The Service Providers coupled to your environment are listed on its dashboard page. On pre-production environments, Connectis preconfigures one Service Provider simulator, which you can use to simulate logout requests and inspect login responses. See "Performing a login flow using the Service Provider Simulator" for how to use it.

SAML

To add your own SAML Service Provider application, follow these steps:

  1. Download the metadata of your Service Provider application.

  2. Click Add SP on the dashboard page of your environment.

  3. Download the Connectis Identity Broker metadata and upload it to your application. (The Connectis Identity Broker metadata is also available from the Dashboard page.)

  4. Upload the metadata of your Service Provider and Save your new Service Provider. The metadata must meet the following requirements:

    1. Contains at least one signing certificate

    2. Contains at least one Assertion Consuming Service

    3. Contains at least one Country Code in Accepted Countries (each country code is 2 uppercase letters)

    4. Contains at least one Display Name

    5. Contains an Entity Id

    6. Contains an Organization containing at least one Display Name

  5. In the Advanced section, select the Protocol Configuration, Attribute Configuration and Levels of Assurance you want to use. Note: the default configurations work in most scenarios. You only need to change them if you have specific requirements.

  6. Click Save & Close.

  7. Browse to your Service Provider application and log in. You should now be able to log in to your Service Provider application using the Connectis Identity Broker.
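The metadata requirements in step 4 can be checked locally before uploading. The following is an added example, not Connectis code: it assumes a single EntityDescriptor root and that "Display Name" corresponds to mdui:DisplayName, and because this page does not say how Accepted Countries is encoded in the metadata, it takes the country codes as a separate list. The sample metadata is constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_sp_metadata(xml_text, countries):
    """Return the list of unmet requirements; an empty list means all pass."""
    root = ET.fromstring(xml_text)
    missing = []
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or not root.get("entityID"):
        missing.append("entity id")
    # A KeyDescriptor without a 'use' attribute serves signing and encryption.
    certs = [c for k in root.findall("md:SPSSODescriptor/md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")
             for c in k.findall(".//ds:X509Certificate", NS)
             if (c.text or "").strip()]
    if not certs:
        missing.append("signing certificate")
    if not root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS):
        missing.append("assertion consuming service")
    if not root.findall(".//mdui:DisplayName", NS):  # assumed element name
        missing.append("display name")
    if not root.findall("md:Organization/md:OrganizationDisplayName", NS):
        missing.append("organization display name")
    # Assumption: country codes are supplied separately; each is 2 uppercase letters.
    if not countries or not all(re.fullmatch(r"[A-Z]{2}", c) for c in countries):
        missing.append("country code")
    return missing

# Constructed sample metadata; entity ID, URLs and certificate are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><mdui:UIInfo>
      <mdui:DisplayName xml:lang="en">Example SP</mdui:DisplayName>
    </mdui:UIInfo></md:Extensions>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="https://sp.example.org/acs"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE, ["NL", "de"]))
```

The sample deliberately carries only an encryption key, no Organization element and a lowercase country code, so the check reports those three requirements as unmet.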

OpenID Connect

To add your own OpenID Connect Service Provider application, follow these steps:

  1. Click Add OpenId SP on the dashboard page of your environment.

  2. Complete the mandatory fields:

    • Client Id

    • Client Type

    • Client Secret (only when Client Type is Server Application)

    • Client Secret Expiry Date (only when Client Type is Server Application)

      • Defaults to 1 year in the future

    • JWT Claims Validity (in days)

    • Token expiration (in seconds)

      • Authorization Code (maximum 3 minutes)

      • Access Token (maximum 31 days)

      • Refresh Token

    • Encryption Certificate

    • Redirect Endpoints (redirect endpoint to your application)

  3. Click Save & Close.

  4. Browse to your Service Provider application and log in. You should now be able to log in to your Service Provider application using the Connectis Identity Broker.